Matthew Toseland skrev: > On Tuesday 16 June 2009 21:53:09 Zero3 wrote: >> Matthew Toseland skrev: >>> On Sunday 14 June 2009 14:24:39 Zero3 wrote: >>>> a) On the front page of the website: A "What is Freenet?" teaser linking >>>> to the "What is Freenet?" page would be cool. Confusedly started to read >>>> the news item instead. (She should have spotted the "News" headline, but >>>> I agree on the teaser) >>> I think originally the reason for putting news on the main page was that a >>> lot of people check back on the website repeatedly, looking for new stuff >>> (i.e. news) ?: >>> >>> I agree we should have some basic explanation and link on the home page >>> though ... I am not quite sure whether just copying the first para from >>> "What is Freenet" as Dieppe has done is sufficient? >>> >>> "Freenet is free software which lets you publish and obtain information on >>> the Internet without fear of censorship. To achieve this freedom, the >>> network is entirely decentralized and publishers and consumers of >>> information are anonymous. Without anonymity there can never be true >>> freedom of speech, and without decentralization the network will be >>> vulnerable to attack." >>> >>> Followed by a link to learn more, a download link and news. >>> >>> Is this sufficiently comprehensible to newbies? I guess so, but it doesn't >>> really answer the question! >> I think it's quite good actually! I think "Without anonymity there can >> never be true freedom of speech") is a bit subjective though. > > Alternatives? Clearly anonymity is a direct consequence of the overriding > goal of thwarting censorship.
Ala "The anonymity of Freenet makes true freedom of speech possible" >>>> b) FUD alert on the "What is Freenet?" page: >>>> >>>> "Freenet does not let the user control what is stored in the data store. >>>> [...] Files in the data store are encrypted to reduce the likelihood of >>>> prosecution by persons wishing to censor Freenet content." >>>> >>>> (Agreed. We are scaring some people away before they even reach the >>>> download page. I don't think we should hide the facts, but rather give a >>>> reasoned explanation for the ways Freenet do things.) >>> I guess there is a language issue here yeah... >>> >>> How about this? (deployed): >>> >>> 'Users contribute to the network by giving bandwidth and a portion of their >>> hard drive (called the "data store") for storing files. Files are >>> automatically kept or deleted depending on how popular they are, with the >>> least popular being discarded to make way for newer or more popular >>> content. Files are encrypted, so generally the user cannot easily discover >>> what is in his datastore, and hopefully can't be held accountable for it.' >> Much better, yeah. >> >>>> c) On the "Philosophy" page: More focus on what Freenet actually *can >>>> do* for citizens living under censorship and the like. >>> Isn't that what "What is Freenet?" is about? >> Well, yeah, except it doesn't really say anything about it on that page >> either. > > It does now IMHO. Have you read the current version? Yeah, it does mention what you can do with Freenet in general. Dunno. >>>> e) On the "Download page": No idea what a "node reference" is. (Could be >>>> rephrased or explained better) >>> That's why it's in quotes, and the "Add a friend" page does explain it. Do >>> you have any suggestion as to how to improve the wording? >> Perhaps add a paranthesis explaining the term? > > Is it a problem? If he clicks the link to Add a Friend it will explain it to > him? Given that he has a node running (it links to localhost fproxy). It is not a problem, just a minor usability quirk IMHO. >>>> Very annoying to be asked to install a second >>>> browser. In this case, a third (using FF with IE as backup. And user is >>>> asked not to use IE). More FUD about history leaks. >>> FUD stands for Fear, Uncertainty and Doubt. Unfortunately, the warnings >>> about browser history stealing are factually true. Perhaps there is an >>> argument for not naming such attacks if this intimidates people? Is the >>> problem with IE important? There are possibilities for working around it, >>> there has never been much enthusiasm for implementing them (even from ian >>> who tends to be usability oriented). >> Exactly. The user is fears the consequences of history leaks and is >> uncertain what he ought to do, and thereby doubts his security and >> privacy using Freenet. > > He knows what he needs to do - use a separate browser. Don't we make that > clear? It may be annoying but it is clear, no? It is indeed very clear, but as you say, also damn annoying. If possible, I think we should avoid annoying the user. >> IMHO we are exaggerating with this warning page. >> >> Dunno about IE? Is version 7/8 "secure enough"? > > The problem with IE is a deliberate policy decision to ignore MIME types on > most files. There is a registry key to fix it. I think it has improved > slightly in recent times but avoiding it is not easy. We ought to re-test this under version 7/8? >> Chrome actually has an online installer - but only supports XP SP2+ and >> Vista. We could also simply link to the project page of FF when they >> implement a (hopefully working) incognito mode... > > :| > > XP SP2 is most of our users though... > > The user might want to install something else? We need a warning box, a > choose a browser box, with integrated Chrome install on appropriate OS's, and > with the ability to wait while the user installs a browser and redetect it, > plus once the user has chosen a browser we tell the node (when running Browse > Freenet) that they have done so and we don't need to show the warning page in > the wizard. Ok? We could also simply recommend getting Chrome in the fproxy warning. Would be easier to maintain, and the user will have to time to consider it (might be hard to make that decission before you even have tried Freenet and have no idea if you are going to keep it). If user installs it later on, it will automatically be picked up in the launcher, which would then pass on the "incognito"-flag to fproxy. >>> The Browse Freenet script should pass in a flag if it is sure that it is >>> starting a browser in privacy mode. Having said that, shouldn't the user be >>> aware of this issue? A false sense of security can do >>> a great deal of damage... >>> >>> https://bugs.freenetproject.org/view.php?id=3247 >> You need to remember to submit them under "wininstaller" and not >> "installer" if you want me to realize that you submitted something for >> me to work on ;). > > Well, it's another joint-effort bug, you'll need me to implement the option > for the wizard. True. Guess I'll just keep an eye on "installer" bugs too then. Or maybe it ought to be 2 reports really... >>>> g) Confusion about the "automatic IP detection". Why does Freenet needs >>>> my address when I'm supposed to be anonymous? >>> So Freenet uses a magical invisible protocol that doesn't involve sending >>> any packets over the internet, doesn't require new hardware, and is >>> completely undetectable? >>> >>>> What is JSTUN? What should >>>> I do on this page? (Agreed.) >>> The UPnP explanation is okay, right? >>> >>> You want a *full* explanation for JSTUN? >>> >>> JSTUN: >>> Currently: >>> "Enable automatic IP address detection via JSTUN. Uses central servers >>> (also used by e.g. internet telephone programs) to find out your IP >>> address. Turn off if you are concerned about this." >>> >>> Longer: >>> "Enable automatic IP address detection via JSTUN. Freenet is a distributed >>> network, therefore other Freenet nodes need to know your IP address in >>> order to connect. Because most computers are not directly connected to the >>> Internet but go through routers, modems and so on, and most computers' IP >>> address changes regularly, the easiest way to determine your current IP >>> address is to ask some central servers which are also used by Internet >>> telephony programs. If you are worried that this might be used to identify >>> your use of Freenet, you should turn this off, but you will need a static >>> IP address, a direct internet connection or some other way of finding your >>> address such as a dyndns.com address. Note that dyndns is blocked in China!" >>> >>> Shorter: >>> "Enable JSTUN. Turn this off if you have a static IP address or a dyndns >>> address." >> I don't know what the best way is. I'd personally like not having to ask >> the user about this technical stuff. > > Unfortunately it has security issues for really paranoid users ... >> UPnP for IP detection should always be safe to enable? > > Unless the user is on an untrusted LAN or is directly connected to > building-level NATed ethernet, as is common is eastern Europe and probably > many other places. Even if we are on untrusted LAN, does it matter? Loads of apps probably do this? >> Your peers can tell you your IP address on opennet? When UPnP fails on >> darknet, you could ask the user if he wants to enable the JSTUN plugin >> (with a proper explanation, like your long version above.) > > Where would we post such an explanation? Messages on the homepage are > supposed to be short! Short explanation (single line or so) with a "more info" expandable link like the various OS installation instructions on the download page of freenetproject.org. Put it on the page with the darknet node reference if the IP is unknown. > JSTUN does help even with opennet, but yes it probably isn't necessary - if > we lose all our peers, we reannounce, and seednodes tell us our new IP > address... Hmm. > On darknet you really need one of the two, or a static/dyndns IP address, or > at least an online peer that hasn't changed its address... >>>> h) FUD on the main fproxy page after finally getting through the wizard: >>> Is there an implication here that it is too long? Any suggestions as to >>> what to take out? Taking a big chunk of the user's disk space and bandwidth >>> without asking used to lose us quite a few users. Making assumptions about >>> security is likely to cause problems for those few users that do need it... >>> I have considered getting rid of the welcome page at the beginning that >>> allows you to not use the wizard... >> A bit too long, yeah. On top of my head: >> >> Welcome page: Move general info to next page, put a skip button in the >> header/footer/corner somewhere on all other pages instead. > > Or just get rid of it. IMHO just casually skipping it is the easy way out and > will require us to implement dangerous defaults. We should just dump it. > Advanced users will figure out that once you get past the browser warning it > will think you've completed it anyway, everyone else needs to go through the > wizard. >> Ram usage: Don't ask. Either use static default (as now) or dynamic >> according to available memory. Advanced users can adjust it in settings >> afterwards. > > We don't ask for ram usage any more. Do we? We did not very long ago. Dunno? >> IP detection page: See above. >> >> Security levels: Perhaps figure out some smart way to merge either some >> of the levels or some of the pages? > > One very looooong page which nobody will read? IMHO they are logically > distinct, and significant. For example, if the physical security level is set > to LOW temp file handling and thus the responsiveness of the node are > considerably improved. Arguably we only need a friends security level if we > add darknet peers, but we want users to add darknet peers, and we want to be > secure by default, i.e. ask them BEFORE they add a peer... >>>> Big read warning about connecting to the network. (Agreed. Since this is >>>> to be expected, we shouldn't display a big, fat, red warning box. This >>>> makes users go FUD and think they did something wrong or something is >>>> broken. Make it a big, fat infobox instad. >>> What big red warning? "The node is trying to connect to the network, it >>> will be slow for a while." ??? How is this FUD? Users don't read, and have >>> unrealistic expectations, so it is IMHO essential to tell them, while we >>> have less than 10 peers, that Freenet may be slow for a while. Several >>> times when I have done test installs this hasn't even shown up since it has >>> reached 10 peers before showing the browse page! >> There will probably always be people around who refuse to read. I >> personally don't think we should sacifice usability for smart users to >> satisfy the stupid ones :). > > I don't see why it is a usability issue, we are simply telling the user the > facts. >> It's not so much the size that bugged the reviewer, but rather the fact >> that it was presented as a *red warning* and not as an white infobox or >> similar. > > Messages do not belong in infoboxes, they belong in messages. If you want the > detail you click on it and it will show you the detail in an infobox. So > really what he is complaining about is the little red X icon next to it. The > purpose of which is to draw the user's attention. This is only shown if > bootstrapping is particularly slow as I mentioned above... I think I'm explaining myself poorly. The format of the text is good, it just shouldn't be a marked red (with icon + the whole box turns red because of it). Since the node won't connect to opennet peers before we go through the wizard, it most likely won't have 10 peers when the user sees the fproxy homepage for the first time. - Zero3